(TNS) — Village of Jefferson, Ohio, officials were alarmed, but ultimately unscathed, after a ransomware virus found its way onto a computer late last month.
The infamous strain of malicious software threatens to wipe out affected computers unless victims pay the hackers a ransom before a deadline. The same ransomware attack struck Jefferson village and at least two other entities that contract IT services from Steve Schoneman of Ashtabula’s Schoneman Inc.
He said the hackers in these cases demanded, on average, about $4,900 worth of bitcoin, the digital currency often used to keep illegal transactions anonymous.
The attack struck a village computer primarily used for finances, Administrator Terry Finger said. The village keeps physical backups for its machines, so nothing was lost, Schoneman said. The affected machine was wiped and restored from the backup, he said.
“We caught it on the first machine and shut everything down,” Finger said. “We had to wait for them to isolate and get it back up.”
But the cleanup forced Jefferson Community Center’s computers to be shut down for several days, meaning officials had to track incoming revenue and manually post transactions by hand.
“We operated in a manual mode for three or four days,” Finger said. “We were joking today: What in the hell’s the world going to do if this stuff gets out of control? People have forgotten how to write stuff on paper and add it up on a pocket calculator. We’re spoiled.”
Schoneman said it’s unclear how the malware would have spread, or how it found the village’s vulnerability in the first place. He suspects the hackers were from the other side of the world, based on the times they contacted Schoneman and officials about the ransom, but they’ll likely never know for sure.
“Ransomware is ever-present in the (online security) industry,” he told the Star Beacon. “It’s out there on the internet and if you hit upon a site that’s infected or an email that’s infected — or any number of other things — you can get ransomware.
“The best defense against ransomware is a backup,” he said.
Schoneman is talking about extra physical, external hard drives — ideally two, alternated and updated each day and otherwise kept offline. Cloud backups like Google Drive or Dropbox are always online, so they’re still vulnerable to attackers, he said.
“A lot of insurances now offer ransomware coverage. It’s definitely worthwhile for business people to check what kind of data loss or ransomware coverage they might be able to add to their policy. It’s a smart move, these days,” he said.
©2018 the Star Beacon (Ashtabula, Ohio), Distributed by Tribune Content Agency, LLC.
NEW ON THE PODCAST